Routing problem between subnets

Network Engineering · routing · cisco-asa · vpn
2022-03-03 19:14:22

Here is my scenario.

I have 2 offices and one remote worker.

  • Office 1: 192.168.11.0/24 – Cisco ASA 5505, ASA 8.2(5)
  • Office 2: 192.168.12.0/24 – Cisco ASA 5505, ASA 8.2(5)
  • Office 2 printer: 192.168.12.50
  • Remote worker: 192.168.54.0/24 – Cisco AnyConnect client 3.1

Offices 1 and 2 are connected with a site-to-site VPN. The remote worker connects to Office 1 through the AnyConnect client. A printer is installed in Office 2, and the users need to print to it.

Office 1 can talk to the remote worker network and the Office 2 network, but the remote worker network cannot talk to the Office 2 network, and vice versa. I have tried adding routes and firewall rules to both ASAs, but I'm not entirely sure which interface to apply the routes and rules to, or whether I'm missing anything else to get Office 2 and the remote worker talking. Any help would be greatly appreciated!

Office 1 config (Main Office)

Result of the command: "sh run"

: Saved
:
ASA Version 8.2(5) 
!
hostname BHBBJASA
[...]
!
interface Vlan1
 nameif inside
 security-level 100
 ip address 192.168.11.253 255.255.255.0 
!
interface Vlan2
 nameif outside
 security-level 0
 ip address [External IP] 255.255.255.224 
!
interface Vlan22
 description Secondary ISP Internet line for backup Internet in the event of Primary ISP failure.
 no nameif
 security-level 0
 ip address Secondary ISP 255.255.255.252 
!
interface Vlan32
 no forward interface Vlan2
 nameif SIP
 security-level 0
 ip address New_SIP 255.255.255.224 
!
ftp mode passive
dns domain-lookup inside
dns domain-lookup outside
dns server-group DefaultDNS
 name-server 192.168.11.231
 name-server 8.8.8.8
 domain-name medserv.local
same-security-traffic permit inter-interface
same-security-traffic permit intra-interface
object-group network WESTPARKMEDITECH
 network-object host [External IP]
 network-object host [External IP]
 network-object host [External IP]
 network-object host [External IP]
 network-object host [External IP]
 network-object host [External IP]
 network-object host [External IP]
object-group network DM_INLINE_NETWORK_1
 network-object host WPHPACS
 group-object WESTPARKMEDITECH
object-group network PVHCPACS
 network-object host PVHPACS1
 network-object host PVHPACS2
 network-object host PVHPACS3
object-group network 192
 network-object 192.168.1.0 255.255.255.0
object-group service tcp tcp
 port-object eq 3389
object-group network DM_INLINE_NETWORK_2
 network-object host WPHPACS
 network-object [External IP] 255.255.255.0
 network-object host [External IP]
 network-object host [External IP]
 network-object host WPHPACS6_5Upgrade
object-group network voice-data
 network-object 192.168.121.0 255.255.255.0
 network-object 192.168.221.0 255.255.255.0
object-group network inside-data-voice
 network-object 192.168.11.0 255.255.255.0
 network-object 192.168.21.0 255.255.255.0
object-group network DM_INLINE_NETWORK_4
 network-object OmniMRI-Pacs 255.255.255.0
 network-object host OmniMRI
object-group protocol DM_INLINE_PROTOCOL_2
 protocol-object ip
 protocol-object icmp
 protocol-object udp
 protocol-object tcp
object-group protocol DM_INLINE_PROTOCOL_3
 protocol-object ip
 protocol-object icmp
 protocol-object udp
 protocol-object tcp
object-group protocol DM_INLINE_PROTOCOL_4
 protocol-object ip
 protocol-object icmp
 protocol-object udp
 protocol-object tcp
object-group network DM_INLINE_NETWORK_5
 network-object OmniMRI-Pacs 255.255.255.0
 network-object host OmniMRI
object-group protocol DM_INLINE_PROTOCOL_1
 protocol-object ip
 protocol-object icmp
 protocol-object udp
 protocol-object tcp
object-group protocol DM_INLINE_PROTOCOL_5
 protocol-object ip
 protocol-object icmp
 protocol-object udp
 protocol-object tcp
object-group service VOIP-SIP_for_PhoneSystem
 service-object tcp-udp range 10000 20000 
 service-object tcp-udp eq 143 
 service-object tcp-udp eq 22 
 service-object tcp-udp eq 443 
 service-object tcp-udp range sip 5062 
 service-object tcp-udp eq 5222 
 service-object tcp-udp eq 5269 
 service-object tcp-udp eq 843 
 service-object tcp-udp eq www 
 service-object tcp eq sip 
object-group network DM_INLINE_NETWORK_3
 network-object host WPHPACS
 network-object [External IP] 255.255.255.0
object-group network DM_INLINE_NETWORK_6
 network-object host WPHPACS
 network-object host WPHPACS6_5Upgrade
object-group protocol TCPUDP
 protocol-object udp
 protocol-object tcp
object-group service DM_INLINE_SERVICE_1
 service-object tcp-udp 
 service-object ip 
 group-object VOIP-SIP_for_PhoneSystem
object-group service DM_INLINE_SERVICE_2
 service-object tcp-udp 
 service-object ip 
 group-object VOIP-SIP_for_PhoneSystem
object-group service DM_INLINE_SERVICE_3
 service-object ip 
 group-object VOIP-SIP_for_PhoneSystem
object-group service DM_INLINE_SERVICE_4
 service-object ip 
 group-object VOIP-SIP_for_PhoneSystem
object-group network DM_INLINE_NETWORK_7
 network-object Platinum_Office 255.255.255.0
 network-object Worland_Office 255.255.255.0
object-group network DM_INLINE_NETWORK_8
 network-object 192.168.11.0 255.255.255.0
 network-object Worland_Office 255.255.255.0
object-group network DM_INLINE_NETWORK_11
 network-object 192.168.11.0 255.255.255.0
 network-object Worland_Office 255.255.255.0
object-group protocol DM_INLINE_PROTOCOL_6
 protocol-object ip
 protocol-object icmp
object-group service DM_INLINE_TCP_2 tcp
 port-object eq 3389
 port-object eq 50000
object-group network DM_INLINE_NETWORK_10
 network-object host Washakie_PACS_Live
 network-object host Washakie_Pacs_Test
object-group network DM_INLINE_NETWORK_12
 network-object host Washakie_PACS_Live
 network-object host Washakie_Pacs_Test
object-group network DM_INLINE_NETWORK_13
 network-object host Washakie_PACS_Live
 network-object host Washakie_Pacs_Test
object-group network DM_INLINE_NETWORK_14
 network-object host Washakie_PACS_Live
 network-object host Washakie_Pacs_Test
object-group network DM_INLINE_NETWORK_15
 network-object host Washakie_PACS_Live
 network-object host Washakie_Pacs_Test
object-group network DM_INLINE_NETWORK_16
 network-object 192.168.11.0 255.255.255.0
 network-object Platinum_Office 255.255.255.0
object-group network VPN-Network
object-group protocol DM_INLINE_PROTOCOL_7
 protocol-object ip
 protocol-object udp
 protocol-object tcp
 protocol-object icmp
object-group protocol DM_INLINE_PROTOCOL_8
 protocol-object ip
 protocol-object udp
 protocol-object tcp
 protocol-object icmp
access-list inside_nat0_outbound extended permit ip 192.168.11.0 255.255.255.0 object-group DM_INLINE_NETWORK_1 
access-list inside_nat0_outbound extended permit ip 192.168.11.0 255.255.255.0 object-group PVHCPACS 
access-list inside_nat0_outbound extended permit ip host [External IP] host 192.168.11.15 
access-list inside_nat0_outbound extended permit ip any 192.168.221.0 255.255.255.0 
access-list inside_nat0_outbound extended permit ip any 192.168.121.0 255.255.255.0 
access-list inside_nat0_outbound extended permit ip object-group inside-data-voice object-group voice-data 
access-list inside_nat0_outbound extended permit ip 192.168.11.0 255.255.255.0 OmniMRI-Pacs 255.255.255.0 
access-list inside_nat0_outbound extended permit ip 192.168.11.0 255.255.255.0 [External IP] 255.255.255.0 
access-list outside_cryptomap_1 extended permit ip 192.168.11.0 255.255.255.0 object-group PVHCPACS 
access-list Gottschi_access_in extended permit ip any any 
access-list Gottschi_nat0_outbound extended permit ip 192.168.11.0 255.255.255.0 any 
access-list inside_access_in extended permit ip any any 
access-list inside_access_in extended permit tcp host PhoneSystemPublicIP any eq https inactive 
access-list inside_access_in extended permit tcp host PhoneSystem any eq https inactive 
access-list inside_access_in extended permit tcp any host [External IP] eq 3389 
access-list inside_access_in extended permit tcp any any eq 3389 
access-list inside_access_in extended permit tcp any any eq https 
access-list inside_access_in extended permit ip 192.168.11.0 255.255.255.0 [External IP] 255.255.255.0 
access-list inside_access_in extended permit ip any [External IP] 255.255.255.0 
access-list inside_access_in extended permit ip any host New_SIP 
access-list inside_access_in extended permit object-group DM_INLINE_SERVICE_3 Platinum_Office 255.255.255.0 any 
access-list inside_access_in extended permit object-group DM_INLINE_SERVICE_4 Worland_Office 255.255.255.0 any 
access-list inside_access_in extended permit tcp any host [External IP] eq https 
access-list inside_access_in extended permit tcp host Opal-Rad-PACS host [External IP] eq 50000 inactive 
access-list inside_access_in extended permit ip Washakie 255.255.255.0 192.168.11.0 255.255.255.0 
access-list inside_access_in extended permit ip object-group DM_INLINE_NETWORK_12 any 
access-list inside_access_in extended permit ip host Hot_Springs_PACS 192.168.11.0 255.255.255.0 
access-list inside_access_in extended permit object-group DM_INLINE_PROTOCOL_8 RemoteAccessNetwork 255.255.255.0 any 
access-list outside_in extended permit tcp any host [External IP] eq 3389 
access-list outside_in extended permit ip 192.168.1.0 255.255.255.0 any 
access-list outside_in extended permit tcp host [External IP] 192.168.11.0 255.255.255.0 
access-list outside_in extended permit udp host [External IP] 192.168.11.0 255.255.255.0 
access-list outside_in extended permit ip host [External IP] 192.168.11.0 255.255.255.0 
access-list outside_in extended permit icmp any any 
access-list outside_in extended permit icmp host [External IP] 192.168.11.0 255.255.255.0 
access-list outside_in extended permit tcp any host [External IP] object-group DM_INLINE_TCP_2 
access-list outside_in extended permit tcp any host [External IP] eq https 
access-list outside_in extended permit object-group VOIP-SIP_for_PhoneSystem any host PhoneSystemPublicIP 
access-list outside_in extended permit ip any host PhoneSystemPublicIP inactive 
access-list outside_in extended permit tcp host PhoneSystemPublicIP any eq https inactive 
access-list outside_in extended permit ip any any 
access-list outside_in extended permit tcp any any eq https 
access-list outside_in extended permit object-group DM_INLINE_PROTOCOL_6 object-group DM_INLINE_NETWORK_3 object-group DM_INLINE_NETWORK_11 
access-list outside_in extended permit ip [External IP] 255.255.255.0 192.168.11.0 255.255.255.0 
access-list outside_in extended permit icmp any host New_SIP 
access-list outside_in extended permit ip any host New_SIP 
access-list outside_in extended permit object-group DM_INLINE_SERVICE_2 Platinum_Office 255.255.255.0 any 
access-list outside_in extended permit object-group DM_INLINE_SERVICE_1 Worland_Office 255.255.255.0 any 
access-list outside_in extended permit ip 192.168.11.0 255.255.255.0 Washakie 255.255.255.0 
access-list outside_in extended permit ip Washakie 255.255.255.0 192.168.11.0 255.255.255.0 
access-list outside_in extended permit ip object-group DM_INLINE_NETWORK_13 any 
access-list outside_in extended permit ip host Hot_Springs_PACS 192.168.11.0 255.255.255.0 
access-list outside_in extended permit tcp any host [External IP] eq 8080 
access-list outside_in extended permit object-group DM_INLINE_PROTOCOL_7 RemoteAccessNetwork 255.255.255.192 any 
access-list outside_cryptomap extended permit ip 192.168.11.0 255.255.255.0 192.168.1.0 255.255.255.0 
access-list deleteme extended permit ip host [External IP] any inactive 
access-list deleteme extended permit ip host [External IP] any 
access-list inside_nat0_outbound_1 extended permit ip host [External IP] any 
access-list inside_nat0_outbound_1 extended permit icmp host [External IP] any 
access-list outside_nat0_outbound extended permit ip host [External IP] any 
access-list outside_nat0_outbound extended permit icmp host [External IP] any 
access-list outside_nat0_outbound_1 extended permit ip host [External IP] host 192.168.11.15 
access-list outside_nat0_outbound_1 extended permit ip RemoteAccessNetwork 255.255.255.0 any 
access-list remoteaccess_splittunnelacl standard permit 192.168.11.0 255.255.255.0 
access-list remoteaccess_splittunnelacl standard permit 192.168.21.0 255.255.255.0 
access-list remoteaccess_splittunnelacl standard permit 192.168.221.0 255.255.255.0 
access-list remoteaccess_splittunnelacl standard permit 192.168.121.0 255.255.255.0 
access-list remoteaccess_splittunnelacl standard permit RemoteAccessNetwork 255.255.255.0 
access-list remoteaccess_splittunnelacl standard permit Worland_Office 255.255.255.0 
access-list remoteaccess_splittunnelacl standard permit Platinum_Office 255.255.255.0 
access-list outside_nat0_outbound_2 extended permit ip 192.168.11.0 255.255.255.0 OmniMRI-Pacs 255.255.255.0 
access-list outside_nat0_outbound_2 extended permit ip [External IP] 255.255.255.0 object-group DM_INLINE_NETWORK_16 
access-list outside_nat0_outbound_2 extended permit ip object-group DM_INLINE_NETWORK_15 192.168.11.0 255.255.255.0 
access-list outside_cryptomap_2 extended permit ip object-group inside-data-voice object-group voice-data 
access-list mycap extended permit ip host [External IP] host [External IP] 
access-list mycap extended permit ip host [External IP] host [External IP] 
access-list outside_5_cryptomap extended permit object-group DM_INLINE_PROTOCOL_5 192.168.11.0 255.255.255.0 [External IP] 255.255.255.0 
access-list outside_cryptomap_3 extended permit ip object-group DM_INLINE_NETWORK_8 object-group DM_INLINE_NETWORK_2 
access-list inside_access_out extended permit ip host PhoneSystem any inactive 
access-list inside_access_out extended permit tcp any any eq https 
access-list inside_access_out extended permit ip any any 
access-list inside_nat0_outbound_2 extended permit ip 192.168.11.0 255.255.255.0 [External IP] 255.255.255.0 
access-list inside_nat0_outbound_2 extended permit ip 192.168.11.0 255.255.255.0 object-group PVHCPACS 
access-list inside_nat0_outbound_2 extended permit ip 192.168.11.0 255.255.255.0 object-group DM_INLINE_NETWORK_6 
access-list inside_nat0_outbound_2 extended permit ip 192.168.11.0 255.255.255.0 object-group DM_INLINE_NETWORK_7 
access-list inside_nat0_outbound_2 extended permit ip 192.168.11.0 255.255.255.0 Washakie 255.255.255.0 
access-list inside_nat0_outbound_2 extended permit ip 192.168.11.0 255.255.255.0 object-group DM_INLINE_NETWORK_14 
access-list inside_nat0_outbound_2 extended permit ip Platinum_Office 255.255.255.0 host WPHPACS 
access-list inside_nat0_outbound_2 extended permit ip 192.168.11.0 255.255.255.0 host Hot_Springs_PACS 
access-list inside_nat0_outbound_2 extended permit ip 192.168.11.0 255.255.255.0 RemoteAccessNetwork 255.255.255.192 
access-list inside_nat0_outbound_2 extended permit ip 192.168.11.0 255.255.255.0 192.168.11.0 255.255.255.0 
access-list outside_cryptomap_4 extended permit ip 192.168.11.0 255.255.255.0 Platinum_Office 255.255.255.0 
access-list SIP_access_in extended permit ip any any 
access-list SIP_access_in extended permit ip 192.168.11.0 255.255.255.0 any 
access-list outside_cryptomap_5 extended permit ip 192.168.11.0 255.255.255.0 Worland_Office 255.255.255.0 
access-list outside_cryptomap_6 extended permit ip 192.168.11.0 255.255.255.0 object-group PVHCPACS 
access-list outside_9_cryptomap extended permit ip 192.168.11.0 255.255.255.0 object-group DM_INLINE_NETWORK_10 
access-list outside_cryptomap_7 extended permit ip 192.168.11.0 255.255.255.0 host Hot_Springs_PACS 
pager lines 24
logging enable
logging asdm debugging
mtu inside 1500
mtu outside 1500
mtu SIP 1500
ip local pool Remoteusers 192.168.54.1-192.168.54.50
icmp unreachable rate-limit 1 burst-size 1
icmp permit any inside
icmp permit any outside
no asdm history enable
arp timeout 14400
global (outside) 1 interface
nat (inside) 0 access-list inside_nat0_outbound_2
nat (inside) 1 0.0.0.0 0.0.0.0
nat (outside) 0 access-list outside_nat0_outbound_2
nat (outside) 0 access-list outside_nat0_outbound_1 outside
static (inside,outside) tcp [External IP] 3389 domain.local 3389 netmask 255.255.255.255 
static (inside,outside) tcp [External IP] https domain.local https netmask 255.255.255.255 
static (inside,outside) tcp interface https Opal-Rad-PACS https netmask 255.255.255.255 
static (inside,outside) PhoneSystemPublicIP PhoneSystem netmask 255.255.255.255 
access-group inside_access_in in interface inside
access-group inside_access_out out interface inside
access-group outside_in in interface outside
route outside 0.0.0.0 0.0.0.0 [External IP] 10
route inside Platinum_Office 255.255.255.0 192.168.12.1 1
route inside RemoteAccessNetwork 255.255.255.0 192.168.54.1 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00
timeout floating-conn 0:00:00
dynamic-access-policy-record DfltAccessPolicy
http server enable
http 192.168.1.0 255.255.255.0 inside
http 192.168.11.0 255.255.255.0 inside
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart
no sysopt connection permit-vpn
crypto ipsec transform-set ESP-3DES-MD5 esp-3des esp-md5-hmac 
crypto ipsec transform-set ESP-AES-256-MD5 esp-aes-256 esp-md5-hmac 
crypto ipsec transform-set ESP-DES-SHA esp-des esp-sha-hmac 
crypto ipsec transform-set ESP-DES-MD5 esp-des esp-md5-hmac 
crypto ipsec transform-set ESP-AES-192-MD5 esp-aes-192 esp-md5-hmac 
crypto ipsec transform-set ESP-AES-256-SHA esp-aes-256 esp-sha-hmac 
crypto ipsec transform-set ESP-AES-128-SHA esp-aes esp-sha-hmac 
crypto ipsec transform-set ESP-AES-192-SHA esp-aes-192 esp-sha-hmac 
crypto ipsec transform-set ESP-AES-128-MD5 esp-aes esp-md5-hmac 
crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac 
crypto ipsec security-association lifetime seconds 28800
crypto ipsec security-association lifetime kilobytes 4608000
crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set pfs group1
crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set transform-set ESP-AES-128-SHA ESP-AES-128-MD5 ESP-AES-192-SHA ESP-AES-192-MD5 ESP-AES-256-SHA ESP-AES-256-MD5 ESP-3DES-SHA ESP-3DES-MD5 ESP-DES-SHA ESP-DES-MD5
crypto map outside_map 1 match address outside_cryptomap_3
crypto map outside_map 1 set pfs 
crypto map outside_map 1 set peer [External IP] 
crypto map outside_map 1 set transform-set ESP-AES-128-SHA ESP-AES-128-MD5 ESP-AES-192-SHA ESP-AES-192-MD5 ESP-AES-256-SHA ESP-AES-256-MD5 ESP-3DES-SHA ESP-3DES-MD5 ESP-DES-SHA ESP-DES-MD5
crypto map outside_map 2 match address outside_cryptomap_1
crypto map outside_map 2 set peer [External IP] 
crypto map outside_map 2 set transform-set ESP-3DES-MD5 ESP-3DES-SHA
crypto map outside_map 2 set reverse-route
crypto map outside_map 3 match address outside_cryptomap
crypto map outside_map 3 set peer [External IP] 
crypto map outside_map 3 set transform-set ESP-3DES-MD5
crypto map outside_map 3 set reverse-route
crypto map outside_map 4 match address outside_cryptomap_2
crypto map outside_map 4 set peer [External IP] 
crypto map outside_map 4 set transform-set ESP-3DES-SHA
crypto map outside_map 5 match address outside_5_cryptomap
crypto map outside_map 5 set peer OmniMRI 
crypto map outside_map 5 set transform-set ESP-3DES-SHA
crypto map outside_map 5 set reverse-route
crypto map outside_map 6 match address outside_cryptomap_4
crypto map outside_map 6 set pfs group1
crypto map outside_map 6 set peer [External IP] 
crypto map outside_map 6 set transform-set ESP-3DES-SHA
crypto map outside_map 7 match address outside_cryptomap_5
crypto map outside_map 7 set peer [External IP] 
crypto map outside_map 7 set transform-set ESP-3DES-SHA
crypto map outside_map 8 match address outside_cryptomap_6
crypto map outside_map 8 set peer [External IP] 
crypto map outside_map 8 set transform-set ESP-3DES-MD5
crypto map outside_map 9 match address outside_9_cryptomap
crypto map outside_map 9 set pfs group1
crypto map outside_map 9 set peer [External IP] 
crypto map outside_map 9 set transform-set ESP-3DES-SHA
crypto map outside_map 10 match address outside_cryptomap_7
crypto map outside_map 10 set pfs 
crypto map outside_map 10 set peer [External IP] 
crypto map outside_map 10 set transform-set ESP-AES-256-MD5 ESP-3DES-MD5 ESP-DES-SHA ESP-DES-MD5 ESP-AES-192-MD5 ESP-AES-256-SHA ESP-AES-128-SHA ESP-AES-192-SHA ESP-AES-128-MD5 ESP-3DES-SHA
crypto map outside_map 65535 ipsec-isakmp dynamic SYSTEM_DEFAULT_CRYPTO_MAP
crypto map outside_map interface outside
crypto ca trustpoint BHB_ASDM_TrustPoint0
 enrollment self
 subject-name CN=medserv.local
 keypair VPN
 crl configure
crypto ca certificate chain BHB_ASDM_TrustPoint0
 certificate *************************
  quit
crypto isakmp enable inside
crypto isakmp enable outside
crypto isakmp policy 5
 authentication pre-share
 encryption 3des
 hash sha
 group 2
 lifetime 28800
crypto isakmp policy 10
 authentication pre-share
 encryption des
 hash sha
 group 2
 lifetime 86400
crypto isakmp policy 30
 authentication rsa-sig
 encryption 3des
 hash sha
 group 2
 lifetime 86400
crypto isakmp ipsec-over-tcp port 10000 
telnet 192.168.11.0 255.255.255.0 inside
telnet timeout 5
ssh timeout 5
console timeout 0
dhcpd dns 192.168.11.250
dhcpd auto_config outside
!
dhcpd auto_config outside interface inside
!

threat-detection basic-threat
threat-detection statistics access-list
no threat-detection statistics tcp-intercept
ssl trust-point BHB_ASDM_TrustPoint0 outside
webvpn
 port 8080
 enable outside
 portal-access-rule 1 permit any
 svc image disk0:/anyconnect-win-2.5.2014-k9.pkg 1 regex "Windows NT"
 svc profiles BHB_remote disk0:/bhb_remote.xml
 svc enable
 tunnel-group-list enable
group-policy DfltGrpPolicy attributes
group-policy "Omni Imaging" internal
group-policy "Omni Imaging" attributes
 vpn-tunnel-protocol IPSec l2tp-ipsec 
group-policy GroupPolicy7 internal
group-policy GroupPolicy7 attributes
 vpn-tunnel-protocol IPSec 
group-policy GroupPolicy6 internal
group-policy GroupPolicy6 attributes
 vpn-tunnel-protocol IPSec 
group-policy GroupPolicy5 internal
group-policy GroupPolicy5 attributes
 vpn-tunnel-protocol IPSec 
group-policy GroupPolicy4 internal
group-policy GroupPolicy4 attributes
 vpn-tunnel-protocol IPSec 
group-policy GroupPolicy3 internal
group-policy GroupPolicy3 attributes
 vpn-tunnel-protocol IPSec l2tp-ipsec 
group-policy GroupPolicy2 internal
group-policy GroupPolicy2 attributes
 vpn-tunnel-protocol IPSec 
group-policy GroupPolicy1 internal
group-policy GroupPolicy1 attributes
 vpn-tunnel-protocol IPSec l2tp-ipsec svc webvpn
group-policy PVHC internal
group-policy remoteaccess internal
group-policy remoteaccess attributes
 dns-server value 192.168.11.250
 vpn-access-hours none
 vpn-idle-timeout none
 vpn-session-timeout none
 vpn-tunnel-protocol IPSec l2tp-ipsec svc webvpn
 split-tunnel-policy tunnelspecified
 split-tunnel-network-list value remoteaccess_splittunnelacl
 default-domain value bhbbj.local
 nem enable
 webvpn
  url-list none
group-policy bhbremote internal
group-policy bhbremote attributes
 dns-server value 4.4.2.2 8.8.8.8
 vpn-tunnel-protocol IPSec l2tp-ipsec svc webvpn
 default-domain value medserv.local
group-policy  internal
group-policy  attributes
 vpn-filter none
 vpn-tunnel-protocol IPSec 
group-policy WPH internal
group-policy WPH attributes
 vpn-tunnel-protocol IPSec l2tp-ipsec webvpn
username admin password ************************ encrypted privilege 15
username vpntunnel password ******************* encrypted
username vpntunnel attributes
 vpn-group-policy remoteaccess
username cerium password ********************* encrypted privilege 15
username ltemplin password ******************* encrypted
username ltemplin attributes
 vpn-group-policy bhbremote
tunnel-group [External IP] type ipsec-l2l
tunnel-group [External IP] general-attributes
 default-group-policy WPH
tunnel-group [External IP] ipsec-attributes
 pre-shared-key *****
tunnel-group [External IP] type ipsec-l2l
tunnel-group [External IP] ipsec-attributes
 pre-shared-key *****
tunnel-group [External IP] type ipsec-l2l
tunnel-group [External IP] general-attributes
 default-group-policy GroupPolicy1
tunnel-group [External IP] ipsec-attributes
 pre-shared-key *****
tunnel-group remoteaccess type remote-access
tunnel-group remoteaccess general-attributes
 address-pool (inside) remoteusers
 address-pool (inside) Remoteusers
 default-group-policy remoteaccess
tunnel-group remoteaccess ipsec-attributes
 pre-shared-key *****
tunnel-group [External IP] type ipsec-l2l
tunnel-group [External IP] general-attributes
 default-group-policy 
tunnel-group [External IP] ipsec-attributes
 pre-shared-key *****
tunnel-group [External IP] type ipsec-l2l
tunnel-group [External IP] general-attributes
 default-group-policy "Omni Imaging"
tunnel-group [External IP] ipsec-attributes
 pre-shared-key *****
tunnel-group [External IP] type ipsec-l2l
tunnel-group [External IP] general-attributes
 default-group-policy GroupPolicy6
tunnel-group [External IP] ipsec-attributes
 pre-shared-key *****
tunnel-group [External IP] type ipsec-l2l
tunnel-group [External IP] ipsec-attributes
 pre-shared-key *****
tunnel-group [External IP] type ipsec-l2l
tunnel-group [External IP] ipsec-attributes
 pre-shared-key *****
tunnel-group [External IP] type ipsec-l2l
tunnel-group [External IP] general-attributes
 default-group-policy GroupPolicy5
tunnel-group [External IP] ipsec-attributes
 pre-shared-key *****
tunnel-group [External IP] type ipsec-l2l
tunnel-group [External IP] ipsec-attributes
 pre-shared-key *****
tunnel-group bhbremote type remote-access
tunnel-group bhbremote general-attributes
 address-pool Remoteusers
 default-group-policy bhbremote
tunnel-group bhbremote ipsec-attributes
 pre-shared-key *****
tunnel-group BHB_VPN type remote-access
tunnel-group BHB_VPN general-attributes
 address-pool Remoteusers
tunnel-group BHB_VPN ipsec-attributes
 trust-point BHB_ASDM_TrustPoint0
tunnel-group BHB type remote-access
tunnel-group BHB general-attributes
 address-pool (inside) Remoteusers
 address-pool Remoteusers
 default-group-policy remoteaccess
tunnel-group BHB webvpn-attributes
 group-alias BHB enable
 group-url https://[External IP]/BHB enable
!
class-map inspection_default
 match default-inspection-traffic
!
!
policy-map type inspect dns preset_dns_map
 parameters
  message-length maximum client auto
  message-length maximum 512
policy-map global_policy
 class inspection_default
  inspect dns preset_dns_map 
  inspect ftp 
  inspect h323 h225 
  inspect h323 ras 
  inspect rsh 
  inspect rtsp 
  inspect esmtp 
  inspect sqlnet 
  inspect skinny  
  inspect sunrpc 
  inspect xdmcp 
  inspect netbios 
  inspect tftp 
  inspect ip-options 
!
service-policy global_policy global
: end
1 Answer

I'm not a Cisco VPN expert, but you need to check the following points:

  • When the remote worker connects to the VPN, it needs to receive a route to the printer (192.168.12.50)
  • For the reverse path, the printer needs a route to the remote worker subnet (or a default route to a device that knows how to route packets to the remote worker subnet)
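The two checks in the answer are really one check applied in both directions: every hop between the AnyConnect client and the printer needs a longest-prefix-match route for the destination, and the hops on the way back need one for the source. The script below is an added example, not code from the question or the answer. It models the four devices in the scenario (the remote client, the Office 1 ASA, the Office 2 ASA and the printer) with constructed route tables, where a VPN tunnel is abstracted as "next hop = the device at the other end" (on a real ASA that decision comes from the split-tunnel list, the crypto-map ACL and the NAT-exempt ACL rather than a plain route, so the tables here are illustrative, not the ASA's). The device names and the client address 192.168.54.10 are assumptions. It traces the forward and reverse paths once with the Office 2 ASA missing a route for 192.168.54.0/24 and once with it present, which is exactly the asymmetry the answer describes.

```python
import ipaddress
from typing import Dict, List, Optional, Tuple

# A route is (prefix, next hop). The next hop is the name of the device that
# receives the packet next, or "connected" when the destination is on-link.
Route = Tuple[str, str]
Tables = Dict[str, List[Route]]

# Constructed example topology (assumed device names, not from the post):
#   remote-client (192.168.54.10) --AnyConnect--> office1-asa --site-to-site--> office2-asa --> printer (192.168.12.50)
# "internet" is a sink with no routes to RFC 1918 space, so any path that
# escapes there is a black hole for private traffic.
BROKEN: Tables = {
    "remote-client": [
        ("192.168.54.0/24", "connected"),
        ("192.168.11.0/24", "office1-asa"),   # split-tunnel entry for Office 1
        ("192.168.12.0/24", "office1-asa"),   # split-tunnel entry for Office 2
        ("0.0.0.0/0", "internet"),
    ],
    "office1-asa": [
        ("192.168.11.0/24", "connected"),
        ("192.168.54.0/24", "remote-client"), # AnyConnect pool via the client tunnel
        ("192.168.12.0/24", "office2-asa"),   # site-to-site tunnel
        ("0.0.0.0/0", "internet"),
    ],
    "office2-asa": [
        ("192.168.12.0/24", "connected"),
        ("192.168.11.0/24", "office1-asa"),   # site-to-site tunnel
        # NOTE: no entry for 192.168.54.0/24 -> replies to the remote worker leak to the default route
        ("0.0.0.0/0", "internet"),
    ],
    "printer": [
        ("192.168.12.0/24", "connected"),
        ("0.0.0.0/0", "office2-asa"),         # printer's default gateway
    ],
    "internet": [],
}

# Same topology with the reverse-path route added on the Office 2 ASA.
FIXED: Tables = {dev: list(routes) for dev, routes in BROKEN.items()}
FIXED["office2-asa"] = [
    ("192.168.12.0/24", "connected"),
    ("192.168.11.0/24", "office1-asa"),
    ("192.168.54.0/24", "office1-asa"),       # remote worker pool is reachable through Office 1
    ("0.0.0.0/0", "internet"),
]


def lookup(table: List[Route], dst: ipaddress.IPv4Address) -> Optional[Tuple[ipaddress.IPv4Network, str]]:
    """Longest-prefix match: the most specific route containing dst wins."""
    best = None
    for prefix, next_hop in table:
        net = ipaddress.ip_network(prefix)
        if dst in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, next_hop)
    return best


def trace(tables: Tables, start: str, dst_ip: str, max_hops: int = 8) -> Optional[List[str]]:
    """Follow routing decisions hop by hop; return the device path, or None if
    a hop has no route (black hole) or the packet loops."""
    dst = ipaddress.ip_address(dst_ip)
    path = [start]
    device = start
    for _ in range(max_hops):
        match = lookup(tables[device], dst)
        if match is None:
            return None
        _net, next_hop = match
        if next_hop == "connected":
            return path
        path.append(next_hop)
        device = next_hop
    return None


def check_print_path(tables: Tables, client_ip: str = "192.168.54.10",
                     printer_ip: str = "192.168.12.50") -> Dict[str, Optional[List[str]]]:
    """Both directions must resolve for printing to work: the client's job
    must reach the printer, and the printer's TCP replies must reach the client."""
    return {
        "forward": trace(tables, "remote-client", printer_ip),
        "reverse": trace(tables, "printer", client_ip),
    }


def round_trip_ok(tables: Tables) -> bool:
    result = check_print_path(tables)
    return result["forward"] is not None and result["reverse"] is not None


if __name__ == "__main__":
    for label, tables in (("without 192.168.54.0/24 on Office 2", BROKEN),
                          ("with 192.168.54.0/24 on Office 2", FIXED)):
        result = check_print_path(tables)
        print(f"{label}: forward={result['forward']} reverse={result['reverse']} ok={round_trip_ok(tables)}")
```

In the broken table the forward trace succeeds, which is why a one-sided "can the client reach the printer" route check looks fine while printing still fails; only the reverse trace exposes that the Office 2 ASA hands the printer's replies to its default route. The same simulation can be extended with the real `route` and split-tunnel entries from a `show run` to see which device is the first to lose the packet.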